From 58a9d9cf97c2d79101be73040d5d3d7252d22d11 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Tue, 13 May 2025 01:03:45 +0200
Subject: [PATCH] Fix reset retry when OTP is enabled.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/openpgp/cmd_reset_retry.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/openpgp/cmd_reset_retry.c b/src/openpgp/cmd_reset_retry.c
index 0df7f45..1a84a2f 100644
--- a/src/openpgp/cmd_reset_retry.c
+++ b/src/openpgp/cmd_reset_retry.c
@@ -16,6 +16,7 @@
  */
 
 #include "openpgp.h"
+#include "otp.h"
 
 int cmd_reset_retry() {
     if (P2(apdu) != 0x81) {
@@ -44,6 +45,8 @@ int cmd_reset_retry() {
             newpin_len = apdu.nc - pin_len;
             has_rc = true;
             hash_multi(apdu.data, pin_len, session_rc);
+            has_pw1 = has_pw3 = false;
+            isUserAuthenticated = false;
         }
         else if (P1(apdu) == 0x2) {
             if (!has_pw3) {
@@ -59,6 +62,11 @@ int cmd_reset_retry() {
         if (!tf) {
             return SW_REFERENCE_NOT_FOUND();
         }
+        if (otp_key_1) {
+            for (int i = 0; i < 32; i++) {
+                dek[IV_SIZE + i] ^= otp_key_1[i];
+            }
+        }
         uint8_t def[IV_SIZE + 32 + 32 + 32 + 32];
         memcpy(def, file_get_data(tf), file_get_size(tf));
         hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pw1);
@@ -74,6 +82,9 @@ int cmd_reset_retry() {
             return SW_MEMORY_FAILURE();
         }
         low_flash_available();
+        if ((r = load_dek()) != PICOKEY_OK) {
+            return SW_EXEC_ERROR();
+        }
         return SW_OK();
     }
     return SW_INCORRECT_P1P2();